x0rz @x0rz@mastodon.social

Tweets are automatically forwarded from https://twitter.com/x0rz

Anatomy of a Spammy Campaign https://mailinator.blogspot.com/2018/07/mailinatorcom-anatomy-of-spammy-campaign.html #spam #phishing https://t.co/OlQ5WiMfIK

Majority is not Enough: Bitcoin Mining is Vulnerable https://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf (PDF) #bitcoin #cryptocurrency

gg

Am I the only one thinking Cicada 3301 was some kind of CIA project? https://www.youtube.com/watch?v=I2O7blSSzpI #Cicada3301

Another case of infected npm module trying to install malware https://github.com/eslint/eslint-scope/issues/39 #malware #opsec

Ah! US military documents leaked because some officer did not change default password on his FTP server... although he completed the Cyber Awareness Challenge! So much for that 🤦‍♂️ https://www.recordedfuture.com/reaper-drone-documents-leaked/ #leak #infosec #opsec #fail https://t.co/vlnXOQ8LfW

Here is my last article: Uncovering a live #psyops campaign targeting France in the last couple of years https://blog.0day.rocks/uncovering-foreign-trolls-trying-to-influence-french-elections-on-twitter-a78a8c12953 #OSINT #propaganda #influence #manipulation #russia 🇷🇺

What the fuck did I just read 🤦‍♂️ https://t.co/RBMeF8FZMy

DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning https://acmccs.github.io/papers/p1285-duA.pdf (PDF) #machinelearning #blueteam https://t.co/MuP0WnJAKj

The more I think about this reward the more I think this is the price paid for the guy to shut the f*ck up. This is not a bounty, this is a ransom 😳

That’s a new high score ($100k for a #bugbounty), the vulnerability must be NUTS https://hackerone.com/intel/hacktivity #vulnerability #intel https://t.co/uIFLtMJt5D

After talking with someone from @protonmail, please be cautious reading this article.
1) It's coming from a website which is an affiliate and owned by a competitor VPN provider.
2) Some claims are ridiculous and far-fetched.

Talking about VPNs, the free Hola VPN was caught doing some malicious MITM-style attacks https://techcrunch.com/2018/07/09/myetherwallet-hit-by-attack-hola/

Apparently, ProtonVPN is tied to a data mining company from Lithuania (Tesonet) ¯\_(ツ)_/¯ https://www.bestvpn.co/protonvpn-is-scam/ #VPN #privacy

ICYMI, "An unknown entity gained control of an admin account for the Gentoo GitHub Organization [...]" https://wiki.gentoo.org/wiki/Project:Infrastructure/Incident_Reports/2018-06-28_Github #gentoo #compromise #DFIR #supplychainattacks

Just a friendly reminder that this Mastodon account is a proxy from my Twitter (https://twitter.com/x0rz) and that I mostly don't read mentions here (I only connect every few weeks) ✌️

A well done operation requires preparation: they were prepared to face at least 2 employees to distract https://t.co/2wcNmRaURi

Source & full-video: https://www.youtube.com/watch?v=y83ZgzuFBSE

Look at suspect #1 distracting the employee behind the cash register while #2 is covering the POS machine, these aren't amateurs #skimmer #carding #cybercrime https://t.co/C0X6IuNk9n

This is the Shodan of open Amazon S3 buckets, you can expect anything and everything 👌 https://buckets.grayhatwarfare.com/ #OSINT #redteam https://t.co/ylIPDrnMD1